Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/pd4NfQq1m5q0gJRIY8-JV63L0Ug.roa
File:                     pd4NfQq1m5q0gJRIY8-JV63L0Ug.roa (raw, json)
Hash identifier:          2jDsm0ha9EaVCILusmCVnInYpOVbfVEOKEtxwwvPFb4=
Subject key identifier:   A5:DE:0D:7D:0A:B5:9B:9A:B4:80:94:48:63:CF:89:57:AD:CB:D1:48
Certificate issuer:       /CN=87d7f7d2fc1348914c006b55ab93f2d2e3390de6
Certificate serial:       01968ADD1B2B5EDFD3B3269D7795C16D194E
Authority key identifier: 87:D7:F7:D2:FC:13:48:91:4C:00:6B:55:AB:93:F2:D2:E3:39:0D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/pd4NfQq1m5q0gJRIY8-JV63L0Ug.roa
Signing time:             Thu 01 May 2025 08:01:08 +0000
ROA not before:           Thu 01 May 2025 08:01:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52080
IP address blocks:        185.249.152.0/22 maxlen: 22
                          185.249.152.0/24 maxlen: 24
                          185.249.153.0/24 maxlen: 24
                          185.249.154.0/24 maxlen: 24
                          185.249.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 08:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8a:dd:1b:2b:5e:df:d3:b3:26:9d:77:95:c1:6d:19:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87d7f7d2fc1348914c006b55ab93f2d2e3390de6
        Validity
            Not Before: May  1 08:01:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5de0d7d0ab59b9ab480944863cf8957adcbd148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ea:c6:9a:33:cd:af:04:4f:ca:cb:b0:71:91:
                    60:6a:ad:8f:42:b7:59:53:4a:2a:46:59:f8:62:49:
                    29:34:63:f5:71:9f:34:09:2a:d5:79:e2:10:3e:96:
                    60:bc:95:d0:c3:4c:83:51:1d:6d:60:33:e3:12:83:
                    47:e0:d3:7a:ce:17:33:6a:49:98:24:79:b5:98:44:
                    29:1a:13:e9:56:24:09:7d:06:74:43:f5:f2:c7:bb:
                    8a:5f:bb:26:3e:57:d4:03:f6:0d:a1:90:ad:49:dd:
                    73:2b:74:7c:4f:4c:71:9b:b8:8c:f3:f3:f5:2e:b3:
                    d5:8a:bd:72:e7:6c:7d:dd:36:a2:d8:6f:b8:c1:5d:
                    63:30:6d:50:e5:29:b5:1c:2d:ec:44:da:5f:4e:e8:
                    45:04:1e:c0:06:52:0d:b3:e4:ec:52:a1:7c:ae:07:
                    11:ff:fb:0b:ba:ab:e7:d7:fa:c1:b9:39:49:88:3b:
                    e5:fe:d7:66:39:c9:86:eb:e9:69:55:1e:8f:19:4a:
                    80:3c:d4:f6:5c:df:9c:1a:22:0c:6e:d0:6b:88:0d:
                    1f:88:c3:d4:53:84:77:5e:3a:86:a4:92:67:70:d6:
                    3f:5f:df:4c:1f:17:40:59:a6:f3:01:dd:14:b0:04:
                    d7:96:1f:35:d2:c1:2a:e3:a8:af:06:0a:75:50:ce:
                    ef:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:DE:0D:7D:0A:B5:9B:9A:B4:80:94:48:63:CF:89:57:AD:CB:D1:48
            X509v3 Authority Key Identifier:
                keyid:87:D7:F7:D2:FC:13:48:91:4C:00:6B:55:AB:93:F2:D2:E3:39:0D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/pd4NfQq1m5q0gJRIY8-JV63L0Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:40:2d:41:c7:44:b1:a9:0d:d4:32:e8:01:33:0a:80:0d:e6:
         03:f5:51:85:31:62:ca:0a:66:77:e1:c7:ab:3e:cf:56:09:ea:
         b0:5c:69:05:9e:0c:66:87:6f:27:46:36:c7:a1:35:3d:fd:fa:
         9d:4d:25:2d:74:7f:8c:f8:59:bd:ee:cb:55:01:12:38:42:5e:
         ad:31:5c:41:29:ee:2e:0b:d5:13:4c:7a:bc:62:ca:58:c1:cc:
         53:fc:15:ee:8e:7b:ff:b9:a0:92:c1:0b:d8:0f:ad:74:aa:a8:
         ce:2e:2c:df:d9:86:95:ea:da:b7:7e:2f:03:f0:15:8c:b9:49:
         5e:b9:dc:f5:67:9b:79:44:78:f7:ef:85:e0:ca:45:64:88:4d:
         b5:e9:b4:42:57:27:c5:25:4a:22:d2:ff:6b:b0:cb:e3:79:66:
         cc:d0:08:4f:9f:17:82:81:d0:e6:cb:64:ed:d8:ee:4e:6c:bd:
         b8:b1:21:d4:0e:04:da:f1:25:17:0b:bb:1a:9c:48:b4:2f:67:
         cd:a2:e6:8b:0a:f6:28:16:a8:58:ae:2b:e3:0f:22:55:34:e2:
         05:81:af:ce:e6:a5:7b:db:c5:f9:e3:32:39:1d:fa:69:49:19:
         a0:cd:c7:18:8d:6a:95:17:d5:3e:e3:59:1e:95:6a:bc:11:cd:
         a5:0a:ef:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaK3RsrXt/Tsyadd5XBbRlOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZDdmN2QyZmMxMzQ4OTE0YzAwNmI1NWFiOTNmMmQyZTMz
OTBkZTYwHhcNMjUwNTAxMDgwMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWRlMGQ3ZDBhYjU5YjlhYjQ4MDk0NDg2M2NmODk1N2FkY2JkMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+rGmjPNrwRPysuwcZFgaq2PQrdZ
U0oqRln4YkkpNGP1cZ80CSrVeeIQPpZgvJXQw0yDUR1tYDPjEoNH4NN6zhczakmY
JHm1mEQpGhPpViQJfQZ0Q/Xyx7uKX7smPlfUA/YNoZCtSd1zK3R8T0xxm7iM8/P1
LrPVir1y52x93Tai2G+4wV1jMG1Q5Sm1HC3sRNpfTuhFBB7ABlINs+TsUqF8rgcR
//sLuqvn1/rBuTlJiDvl/tdmOcmG6+lpVR6PGUqAPNT2XN+cGiIMbtBriA0fiMPU
U4R3XjqGpJJncNY/X99MHxdAWabzAd0UsATXlh810sEq46ivBgp1UM7v5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXeDX0KtZuatICUSGPPiVety9FIMB8GA1UdIwQY
MBaAFIfX99L8E0iRTABrVauT8tLjOQ3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDlmMzB2d1RTSkZNQUd0VnE1UHkwdU01RGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjU5MmUtYjFjMS00MDdjLThmMDQt
MzAxZGYyNzIxNTJlLzEvcGQ0TmZRcTFtNXEwZ0pSSVk4LUpWNjNMMFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjU5MmUtYjFjMS00MDdjLThmMDQtMzAxZGYyNzIxNTJl
LzEvaDlmMzB2d1RTSkZNQUd0VnE1UHkwdU01RGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmYMA0G
CSqGSIb3DQEBCwUAA4IBAQA7QC1Bx0SxqQ3UMugBMwqADeYD9VGFMWLKCmZ34cer
Ps9WCeqwXGkFngxmh28nRjbHoTU9/fqdTSUtdH+M+Fm97stVARI4Ql6tMVxBKe4u
C9UTTHq8YspYwcxT/BXujnv/uaCSwQvYD610qqjOLizf2YaV6tq3fi8D8BWMuUle
udz1Z5t5RHj374XgykVkiE216bRCVyfFJUoi0v9rsMvjeWbM0AhPnxeCgdDmy2Tt
2O5ObL24sSHUDgTa8SUXC7sanEi0L2fNouaLCvYoFqhYrivjDyJVNOIFga/O5qV7
28X54zI5HfppSRmgzccYjWqVF9U+41kelWq8Ec2lCu/l
-----END CERTIFICATE-----